Storm-0501 Shifts From On-Premises Ransomware to Cloud-Based Extortion
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises
CPAP’s systems were breached in December 2024, exposing names, SSNs, and protected health information for over 90,000 individuals including military
Healthcare Services Group reports a late-2024 intrusion that exposed personal data for 624,000 people; company offers identity protection and continues
Researchers uncovered PromptLock, the first AI-powered ransomware generating malicious Lua scripts via LLM prompts. Though only a proof-of-concept, it highlights
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises
A cyberattack on Miljödata disrupted services across 200+ Swedish municipalities and may have exposed sensitive personal data; a ransom demand
Researchers show image-scaling prompt injection can hide executable instructions that surface only after downscaling, enabling LLM-driven data exfiltration across multiple
Auchan disclosed a cyberattack exposing contact and loyalty data for several hundred thousand customers; bank details and passwords were not
A critical SSRF in Docker Desktop (CVE-2025-9074) let containers reach the Docker Engine API and bind host storage; Docker issued
CISA warns of actively exploited Git vulnerability CVE-2025-48384 that enables arbitrary code execution via crafted submodules; federal patch deadline set
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.